Address Changes and Card Replacement
Question: What are we required to do in addition to changing a customer's address and/or re-issuing a card?
Answer: The requirements for verifying an address and issuing a new card are clearly spelled out in the regulation. There are several options for verifying an address (e.g., using internal data, third party, customer verification, etc.). New cards are to be issued only after appropriate verification is completed. But what then?
- Record Keeping. Address verification and card re-issue are bound to be targets of interest for Red Flags examinations. If you do not have a solid system for keeping track of these events, you will need one. Be sure to include all the important data, such as: dates, type of request, how received, how verified, by whom, etc.
- Risk Assessment. Since you are also required to perform risk assessment on covered accounts (you need to do this for both Red Flags and BSA/AML compliance), a good practice would be to tie address change and card requests to the account's risk status. At least for a temporary period, we can assume that the account risk has elevated.
- Account Monitoring. For a variable period, you should carefully monitor accounts with new addresses or replacement cards for suspicious changes in activity. There are several specific Red Flags that can indicate account takeover and you should be on the alert for these types of activity.
It is clear that you will need a process to manage, track and record the actions needed in complying with the requirements. An integrated process is one that can automatically pass risk information from request receipt and verification, to risk assessment, and on to account monitoring. Such an integrated process will avoid duplication of effort and the risk of maintaining multiple sets of records - reducing the cost of your compliance. You should look carefully at your BSA/AML processes and use as much of these capabilities as possible to satisfy the Red Flags requirements.
BANKDetect has been a major provider of fraud prevention and risk compliance solutions to the financial industry since 1996. The company offers the widest selection of integrated solutions available for addressing BSA/AML, ID Theft Red Flags and traditional fraud requirements. The company offers integrated solutions for:: account opening identity screening, CIP compliance analysis, risk assessment, case management, account activity analysis (for fraud, Red Flags, and AML), OFAC/OSFI screening, electronic SAR/CTR reporting, address discrepancy management, and more. BANKDetect also offers consulting and risk analysis support to its clients. Contact BANKDetect at www.bankdetect.com | 410 867 8217.
First published on BankersOnline.com 8/25/08
First published on 08/25/2008